Thursday, September 3, 2020

On the frontline


So this happened at work yesterday:

An email came into my queue that looked bogus: it purported to be about some purchase order. And I didn’t recognize the sender. And it was supposedly via “Dropbox Secure Transfer”. And my company doesn’t use Dropbox.

So I clicked on the report phishing button, as I’ve had occasion to do a couple of times in the past, and immediately got this reply:


On the one hand, this really wasn’t much of a brainer—if you’re going to try to tempt me to click on something, at least pretend to use an application that’s approved within the environment. (I actually contacted Help Desk before downloading my home printer driver on my work laptop; this organization is serious about not infecting devices and networks with unauthorized miscellanea.)

On the other hand, people—do not click on links from senders you don’t know. And even don’t do it from people you think you know. Phishing is one of the easiest ways for threat actors to do really bad things to your PC, to your address list and to your company’s network. I read two to five stories a week about ransomware, malware and other crap that shuts down hospitals, governments and companies where the point of entry was some employee clicking on a malicious link.

I’m glad I passed the test. And I hope you stay vigilant, too.


No comments:

Post a Comment